mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33490 Commits
59 Branches
Tree: a7431823ca
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a7431823ca'
${ noResults }
sonarqube/server/sonar-webserver-webapi/src/test/java/org/sonar/server/webhook/ws/CreateActionTest.java

CreateActionTest.java 12KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2023 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.webhook.ws;

  21. 

  22. import org.junit.Rule;

  23. import org.junit.Test;

  24. import org.sonar.api.config.Configuration;

  25. import org.sonar.api.resources.ResourceTypes;

  26. import org.sonar.api.server.ws.WebService;

  27. import org.sonar.core.util.UuidFactory;

  28. import org.sonar.core.util.UuidFactoryFast;

  29. import org.sonar.db.DbClient;

  30. import org.sonar.db.DbTester;

  31. import org.sonar.db.component.ComponentDbTester;

  32. import org.sonar.db.component.ComponentDto;

  33. import org.sonar.db.project.ProjectDto;

  34. import org.sonar.db.webhook.WebhookDbTester;

  35. import org.sonar.server.component.ComponentFinder;

  36. import org.sonar.server.exceptions.ForbiddenException;

  37. import org.sonar.server.exceptions.NotFoundException;

  38. import org.sonar.server.exceptions.UnauthorizedException;

  39. import org.sonar.server.tester.UserSessionRule;

  40. import org.sonar.server.ws.TestRequest;

  41. import org.sonar.server.ws.WsActionTester;

  42. import org.sonarqube.ws.Webhooks.CreateWsResponse;

  43. 

  44. import static java.lang.String.format;

  45. import static org.assertj.core.api.Assertions.assertThat;

  46. import static org.assertj.core.api.Assertions.assertThatThrownBy;

  47. import static org.assertj.core.api.AssertionsForClassTypes.tuple;

  48. import static org.mockito.Mockito.mock;

  49. import static org.sonar.api.web.UserRole.ADMIN;

  50. import static org.sonar.db.DbTester.create;

  51. import static org.sonar.db.permission.GlobalPermission.ADMINISTER;

  52. import static org.sonar.server.tester.UserSessionRule.standalone;

  53. import static org.sonar.server.webhook.ws.WebhooksWsParameters.NAME_PARAM;

  54. import static org.sonar.server.webhook.ws.WebhooksWsParameters.PROJECT_KEY_PARAM;

  55. import static org.sonar.server.webhook.ws.WebhooksWsParameters.URL_PARAM;

  56. import static org.sonar.server.ws.KeyExamples.NAME_WEBHOOK_EXAMPLE_001;

  57. import static org.sonar.server.ws.KeyExamples.URL_WEBHOOK_EXAMPLE_001;

  58. 

  59. public class CreateActionTest {

  60. 

  61.   @Rule

  62.   public UserSessionRule userSession = standalone();

  63. 

  64.   @Rule

  65.   public DbTester db = create();

  66.   private final DbClient dbClient = db.getDbClient();

  67.   private final WebhookDbTester webhookDbTester = db.webhooks();

  68.   private final ComponentDbTester componentDbTester = db.components();

  69.   private final UuidFactory uuidFactory = UuidFactoryFast.getInstance();

  70.   private final Configuration configuration = mock(Configuration.class);

  71.   private final NetworkInterfaceProvider networkInterfaceProvider = mock(NetworkInterfaceProvider.class);

  72.   private final WebhookSupport webhookSupport = new WebhookSupport(userSession, configuration, networkInterfaceProvider);

  73.   private final ResourceTypes resourceTypes = mock(ResourceTypes.class);

  74.   private final ComponentFinder componentFinder = new ComponentFinder(dbClient, resourceTypes);

  75.   private final CreateAction underTest = new CreateAction(dbClient, userSession, uuidFactory, webhookSupport, componentFinder);

  76.   private final WsActionTester wsActionTester = new WsActionTester(underTest);

  77. 

  78.   @Test

  79.   public void test_ws_definition() {

  80.     WebService.Action action = wsActionTester.getDef();

  81.     assertThat(action).isNotNull();

  82.     assertThat(action.isInternal()).isFalse();

  83.     assertThat(action.isPost()).isTrue();

  84.     assertThat(action.responseExampleAsString()).isNotEmpty();

  85. 

  86.     assertThat(action.params())

  87.       .extracting(WebService.Param::key, WebService.Param::isRequired)

  88.       .containsExactlyInAnyOrder(

  89.         tuple("project", false),

  90.         tuple("name", true),

  91.         tuple("url", true),

  92.         tuple("secret", false));

  93. 

  94.   }

  95. 

  96.   @Test

  97.   public void create_a_webhook_with_400_length_project_key() {

  98.     String longProjectKey = generateStringWithLength(400);

  99.     ComponentDto project = componentDbTester.insertPrivateProject(componentDto -> componentDto.setKey(longProjectKey));

  100. 

  101.     userSession.logIn().addProjectPermission(ADMIN, project);

  102. 

  103.     CreateWsResponse response = wsActionTester.newRequest()

  104.       .setParam("project", longProjectKey)

  105.       .setParam("name", NAME_WEBHOOK_EXAMPLE_001)

  106.       .setParam("url", URL_WEBHOOK_EXAMPLE_001)

  107.       .setParam("secret", "a_secret")

  108.       .executeProtobuf(CreateWsResponse.class);

  109. 

  110.     assertThat(response.getWebhook()).isNotNull();

  111.     assertThat(response.getWebhook().getKey()).isNotNull();

  112.     assertThat(response.getWebhook().getName()).isEqualTo(NAME_WEBHOOK_EXAMPLE_001);

  113.     assertThat(response.getWebhook().getUrl()).isEqualTo(URL_WEBHOOK_EXAMPLE_001);

  114.     assertThat(response.getWebhook().getHasSecret()).isTrue();

  115.   }

  116. 

  117.   @Test

  118.   public void create_a_webhook_with_secret() {

  119.     userSession.logIn().addPermission(ADMINISTER);

  120. 

  121.     CreateWsResponse response = wsActionTester.newRequest()

  122.       .setParam("name", NAME_WEBHOOK_EXAMPLE_001)

  123.       .setParam("url", URL_WEBHOOK_EXAMPLE_001)

  124.       .setParam("secret", "a_secret")

  125.       .executeProtobuf(CreateWsResponse.class);

  126. 

  127.     assertThat(response.getWebhook()).isNotNull();

  128.     assertThat(response.getWebhook().getKey()).isNotNull();

  129.     assertThat(response.getWebhook().getName()).isEqualTo(NAME_WEBHOOK_EXAMPLE_001);

  130.     assertThat(response.getWebhook().getUrl()).isEqualTo(URL_WEBHOOK_EXAMPLE_001);

  131.     assertThat(response.getWebhook().getHasSecret()).isTrue();

  132. 

  133.     assertThat(webhookDbTester.selectWebhook(response.getWebhook().getKey()))

  134.       .isPresent()

  135.       .hasValueSatisfying(reloaded -> {

  136.         assertThat(reloaded.getName()).isEqualTo(NAME_WEBHOOK_EXAMPLE_001);

  137.         assertThat(reloaded.getUrl()).isEqualTo(URL_WEBHOOK_EXAMPLE_001);

  138.         assertThat(reloaded.getProjectUuid()).isNull();

  139.         assertThat(reloaded.getSecret()).isEqualTo("a_secret");

  140.       });

  141.   }

  142. 

  143.   @Test

  144.   public void create_a_global_webhook() {

  145.     userSession.logIn().addPermission(ADMINISTER);

  146. 

  147.     CreateWsResponse response = wsActionTester.newRequest()

  148.       .setParam("name", NAME_WEBHOOK_EXAMPLE_001)

  149.       .setParam("url", URL_WEBHOOK_EXAMPLE_001)

  150.       .executeProtobuf(CreateWsResponse.class);

  151. 

  152.     assertThat(response.getWebhook()).isNotNull();

  153.     assertThat(response.getWebhook().getKey()).isNotNull();

  154.     assertThat(response.getWebhook().getName()).isEqualTo(NAME_WEBHOOK_EXAMPLE_001);

  155.     assertThat(response.getWebhook().getUrl()).isEqualTo(URL_WEBHOOK_EXAMPLE_001);

  156.     assertThat(response.getWebhook().getHasSecret()).isFalse();

  157.   }

  158. 

  159.   @Test

  160.   public void create_a_webhook_on_project() {

  161.     ComponentDto project = componentDbTester.insertPrivateProject();

  162. 

  163.     userSession.logIn().addProjectPermission(ADMIN, project);

  164. 

  165.     CreateWsResponse response = wsActionTester.newRequest()

  166.       .setParam("project", project.getKey())

  167.       .setParam("name", NAME_WEBHOOK_EXAMPLE_001)

  168.       .setParam("url", URL_WEBHOOK_EXAMPLE_001)

  169.       .executeProtobuf(CreateWsResponse.class);

  170. 

  171.     assertThat(response.getWebhook()).isNotNull();

  172.     assertThat(response.getWebhook().getKey()).isNotNull();

  173.     assertThat(response.getWebhook().getName()).isEqualTo(NAME_WEBHOOK_EXAMPLE_001);

  174.     assertThat(response.getWebhook().getUrl()).isEqualTo(URL_WEBHOOK_EXAMPLE_001);

  175.     assertThat(response.getWebhook().getHasSecret()).isFalse();

  176.   }

  177. 

  178.   @Test

  179.   public void fail_if_project_does_not_exist() {

  180.     userSession.logIn();

  181.     TestRequest request = wsActionTester.newRequest()

  182.       .setParam(PROJECT_KEY_PARAM, "nonexistent-project-uuid")

  183.       .setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)

  184.       .setParam(URL_PARAM, URL_WEBHOOK_EXAMPLE_001);

  185. 

  186.     assertThatThrownBy(request::execute)

  187.       .isInstanceOf(NotFoundException.class)

  188.       .hasMessage("Project 'nonexistent-project-uuid' not found");

  189.   }

  190. 

  191.   @Test

  192.   public void fail_if_crossing_maximum_quantity_of_webhooks_on_this_project() {

  193.     ProjectDto project = componentDbTester.insertPrivateProjectDto();

  194.     for (int i = 0; i < 10; i++) {

  195.       webhookDbTester.insertWebhook(project);

  196.     }

  197.     userSession.logIn().addProjectPermission(ADMIN, project);

  198.     TestRequest request = wsActionTester.newRequest()

  199.       .setParam(PROJECT_KEY_PARAM, project.getKey())

  200.       .setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)

  201.       .setParam(URL_PARAM, URL_WEBHOOK_EXAMPLE_001);

  202. 

  203.     assertThatThrownBy(request::execute)

  204.       .isInstanceOf(IllegalArgumentException.class)

  205.       .hasMessage(format("Maximum number of webhook reached for project '%s'", project.getKey()));

  206.   }

  207. 

  208.   @Test

  209.   public void fail_if_crossing_maximum_quantity_of_global_webhooks() {

  210.     for (int i = 0; i < 10; i++) {

  211.       webhookDbTester.insertGlobalWebhook();

  212.     }

  213.     userSession.logIn().addPermission(ADMINISTER);

  214.     TestRequest request = wsActionTester.newRequest()

  215.       .setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)

  216.       .setParam(URL_PARAM, URL_WEBHOOK_EXAMPLE_001);

  217. 

  218.     assertThatThrownBy(request::execute)

  219.       .isInstanceOf(IllegalArgumentException.class)

  220.       .hasMessage("Maximum number of global webhooks reached");

  221.   }

  222. 

  223.   @Test

  224.   public void fail_if_url_is_not_valid() {

  225.     userSession.logIn().addPermission(ADMINISTER);

  226.     TestRequest request = wsActionTester.newRequest()

  227.       .setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)

  228.       .setParam(URL_PARAM, "htp://www.wrong-protocol.com/");

  229. 

  230.     assertThatThrownBy(request::execute)

  231.       .isInstanceOf(IllegalArgumentException.class);

  232.   }

  233. 

  234.   @Test

  235.   public void fail_if_credential_in_url_is_have_a_wrong_format() {

  236.     userSession.logIn().addPermission(ADMINISTER);

  237.     TestRequest request = wsActionTester.newRequest()

  238.       .setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)

  239.       .setParam(URL_PARAM, "http://:www.wrong-protocol.com/");

  240. 

  241.     assertThatThrownBy(request::execute)

  242.       .isInstanceOf(IllegalArgumentException.class);

  243.   }

  244. 

  245.   @Test

  246.   public void return_UnauthorizedException_if_not_logged_in() {

  247.     userSession.anonymous();

  248.     TestRequest request = wsActionTester.newRequest()

  249.       .setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)

  250.       .setParam(URL_PARAM, URL_WEBHOOK_EXAMPLE_001);

  251. 

  252.     assertThatThrownBy(request::execute)

  253.       .isInstanceOf(UnauthorizedException.class);

  254.   }

  255. 

  256.   @Test

  257.   public void throw_ForbiddenException_if_project_not_provided_but_user_is_not_administrator() {

  258.     userSession.logIn();

  259.     TestRequest request = wsActionTester.newRequest()

  260.       .setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)

  261.       .setParam(URL_PARAM, URL_WEBHOOK_EXAMPLE_001);

  262. 

  263.     assertThatThrownBy(request::execute)

  264.       .isInstanceOf(ForbiddenException.class).hasMessage("Insufficient privileges");

  265.   }

  266. 

  267.   @Test

  268.   public void throw_ForbiddenException_if_not_project_administrator() {

  269.     ComponentDto project = componentDbTester.insertPrivateProject();

  270.     userSession.logIn();

  271.     TestRequest request = wsActionTester.newRequest()

  272.       .setParam(NAME_PARAM, NAME_WEBHOOK_EXAMPLE_001)

  273.       .setParam(URL_PARAM, URL_WEBHOOK_EXAMPLE_001)

  274.       .setParam(PROJECT_KEY_PARAM, project.getKey());

  275. 

  276.     assertThatThrownBy(request::execute)

  277.       .isInstanceOf(ForbiddenException.class)

  278.       .hasMessage("Insufficient privileges");

  279.   }

  280. 

  281.   @Test

  282.   public void throw_IllegalArgumentException_if_project_key_greater_than_400() {

  283.     String longProjectKey = generateStringWithLength(401);

  284.     userSession.logIn().addPermission(ADMINISTER);

  285.     TestRequest request = wsActionTester.newRequest()

  286.       .setParam("project", longProjectKey)

  287.       .setParam("name", NAME_WEBHOOK_EXAMPLE_001)

  288.       .setParam("url", URL_WEBHOOK_EXAMPLE_001)

  289.       .setParam("secret", "a_secret");

  290. 

  291.     assertThatThrownBy(() -> request.executeProtobuf(CreateWsResponse.class))

  292.       .isInstanceOf(IllegalArgumentException.class)

  293.       .hasMessage("'project' length (401) is longer than the maximum authorized (400)");

  294.   }

  295. 

  296.   private static String generateStringWithLength(int length) {

  297.     return "x".repeat(Math.max(0, length));

  298.   }

  299. 

  300. }